Sniffing From Squid SSL

cyb33r · 09-07-2013, 03:17 PM

I created a Squid proxy and a self signed ssl, The SSL certificate on the server is a private cert linked to the ssl-bump feature. I am using tshark to dump the SSL traffic, but i can't sniffing with tshark. for example my tshark command is:

Code:

tshark -o "ssl.desegment_ssl_records: TRUE" -o "ssl.desegment_ssl_application_data: TRUE" -o "ssl.keys_list: 209.190.x.x,443,http,/etc/squid/ssl/file/squid.key" -o "ssl.debug_file: /tmp/.wireshark-log" -i eth0 -R "http.request.method==GET or http.request.method==POST"

I know the squid works (and i can sniffing all data from http), and i can see the log of https site in /var/log/squid/access.log but i can't sniff full data of https. i also know Squid becomes a man-in-the-middle in this scenario and make 2 ssl key One between the client and squid, the other between squid and the server. i can't sniff the data between the client and squid but i think i can sniffing data between server(me) and squid.
How can i sniff it? is there any alternative for tshark?

onebuck · 09-07-2013, 09:22 PM

Please re-read LQ Rules;

Quote:

Posts containing information about cracking, piracy, warez, fraud or any topic that could be damaging to either LinuxQuestions.org or any third party will be immediately removed

This thread is closed.